I do not think Chrome will behave any differently inside a container than outside. It will run as root, if I read the Dockerfile correctly, which will reduce the overall security. So yes, I think this is less secure than just running Chrome on the desktop.

On the plus side: it will run on every machine where there is Docker, and you can get it with a simple docker pull. IIRC that does not properly validate signatures on the image, so who knows how that image was meddled with before it reached you.

The container has to run with the --privileged flag, which, as per the Docker documentation:

"When the operator executes docker run --privileged, Docker will enable access to all devices on the host as well as set some configuration in AppArmor or SELinux to allow the container nearly all the same access to the host as processes running outside containers on the host. Additional information about running with --privileged is available on the Docker Blog."

As to the implications of the fact that it is running as root in the container, I don't know, but it sure doesn't sound good.

Apparently this is actually a she. It is a cool hack she came up with, but unfortunately it is very far away from proper application sandboxing.

X11 just won't allow you to do anything like that. I also find it rather unnecessary to run all that stuff as root inside the container. That makes it much harder to share the containers between users though: root can save all the settings into all the user directories that are being mounted into the container.

Do not repeat this if you care for securely running your applications.
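The settings raised in the comments above (--privileged, running as root, the shared X11 socket, user directories mounted into the container) can be read back from `docker inspect`. The following is an added example, not code from the thread or from the project discussed; the sample data, container names and function names are constructed for illustration.

```python
import json
import sys

# Constructed sample of `docker inspect` output, trimmed to the fields used.
SAMPLE_INSPECT = [
    {"Name": "/chrome",
     "Config": {"User": ""},
     "HostConfig": {"Privileged": True,
                    "Binds": ["/tmp/.X11-unix:/tmp/.X11-unix",
                              "/home/alice/Downloads:/root/Downloads"]}},
    {"Name": "/chrome-unprivileged",
     "Config": {"User": "1000:1000"},
     "HostConfig": {"Privileged": False, "Binds": None}},
]

def runs_as_root(user):
    """Config.User is empty when the image sets no USER, which means UID 0."""
    uid = (user or "").split(":")[0]
    return uid in ("", "0", "root")

def audit_container(entry):
    """Return the findings for one `docker inspect` entry."""
    findings = []
    host_cfg = entry.get("HostConfig") or {}
    root = runs_as_root((entry.get("Config") or {}).get("User"))
    if host_cfg.get("Privileged"):
        findings.append("privileged: nearly the same host access as a host process")
    if root:
        findings.append("process runs as root in the container")
    for bind in host_cfg.get("Binds") or []:
        parts = bind.split(":")          # source:destination[:mode]
        read_only = len(parts) > 2 and "ro" in parts[2].split(",")
        if parts[0].rstrip("/") == "/tmp/.X11-unix":
            findings.append("host X11 socket shared: " + bind)
        elif root and not read_only and parts[0].startswith("/home/"):
            findings.append("user directory writable by root: " + bind)
    return findings

def audit(inspect_output):
    """Map container name to findings for a full `docker inspect` array."""
    return {e["Name"].lstrip("/"): audit_container(e) for e in inspect_output}

if __name__ == "__main__":
    # Usage: docker inspect <container> | python audit.py  (no pipe: sample data)
    data = SAMPLE_INSPECT if sys.stdin.isatty() else json.load(sys.stdin)
    for name, findings in audit(data).items():
        print(name, "->", findings or "no findings")
```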